Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

Ubuntu 11.10 USN-1310-1 Critical: Libarchive Code Execution Risk

ubuntu
Calendar Grey December 19, 2011
Scroller Ubuntu
Security flaws in Libarchive may allow remote adversaries to cause application crashes or execute unauthorized commands through maliciously designed files.
libarchive could be made to crash or run programs as your login if it opened a specially crafted file.

Summary

libarchive could be made to crash or run programs as your login if it

opened a specially crafted file.

Software Description:

- libarchive: Library to read/write archive files

Details:

It was discovered that libarchive incorrectly handled certain ISO 9660

image files. If a user were tricked into using a specially crafted

ISO 9660 image file, a remote attacker could cause libarchive to crash or

possibly execute arbitrary code with user privileges. (CVE-2011-1777)

It was discovered that libarchive incorrectly handled certain tar archive

files. If a user were tricked into using a specially crafted tar file, a

remote attacker could cause libarchive to crash or possibly execute

arbitrary code with user privileges. (CVE-2011-1778)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
  libarchive1                     2.8.4-1ubuntu0.11.10.1

Ubuntu 11.04:
  libarchive1                     2.8.4-1ubuntu0.11.04.1

Ubuntu 10.10:
  libarchive1                     2.8.4-1ubuntu0.10.10.1

Ubuntu 10.04 LTS:
  libarchive1                     2.8.0-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-1310-1

CVE-2011-1777, CVE-2011-1778

Severity
critical
Lowest
Low
Medium
High
Critical

December 19, 2011

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.